How to determine if a user (integrated authentication) is part of a domain security group.

Discussion in 'ASP .Net Security' started by Paul Wolpe, Sep 15, 2004.

  1. Paul  Wolpe

    Paul Wolpe Guest

    I am trying to determine from an ASP.NET 1.1 page if a user is a member
    of a Global Security group (Windows 2000). When I check
    Page.User.IsInRole(@"DOMAINFOO\GroupBar") I always get false.

    Inspecting the User object right after IsInRole has been called (in the
    VS.NET 2003 debugger) I see that the m_roles string[] contains some
    domain groups (like "Domain Users" and "Domain Admins." m_rolesTable is
    undefined since I only have 11 items in my _roles array. None of the
    security groups that I have defined (vs built in security groups)
    appear in the m_roles array.

    Is IsInRole the correct method to be using to check this sort of group
    membership?

    I have seen a lot of discussion on this topic but there doesn't seem to
    be a consensus on how to solve this issue.
    Any thoughts are greatly apreciated.

    -Paul
    Paul Wolpe, Sep 15, 2004
    #1
    1. Advertising

  2. It should work to use IsInRole to get all your domain groups for a
    WindowsPrincipal. Some things that might help:
    - A reboot might be necessary to update your groups in your token
    - Sometimes you need to use impersonation for the groups to get built
    correctly (although that doesn't sound like the problem here)

    Otherwise, I'm not sure what the problem is. Some kind of a trust issue is
    possible, but that doesn't sound like it either.

    Joe K.

    "Paul Wolpe" <> wrote in message
    news:cia1vb$...
    >I am trying to determine from an ASP.NET 1.1 page if a user is a member
    > of a Global Security group (Windows 2000). When I check
    > Page.User.IsInRole(@"DOMAINFOO\GroupBar") I always get false.
    >
    > Inspecting the User object right after IsInRole has been called (in the
    > VS.NET 2003 debugger) I see that the m_roles string[] contains some
    > domain groups (like "Domain Users" and "Domain Admins." m_rolesTable is
    > undefined since I only have 11 items in my _roles array. None of the
    > security groups that I have defined (vs built in security groups)
    > appear in the m_roles array.
    >
    > Is IsInRole the correct method to be using to check this sort of group
    > membership?
    >
    > I have seen a lot of discussion on this topic but there doesn't seem to
    > be a consensus on how to solve this issue.
    > Any thoughts are greatly apreciated.
    >
    > -Paul
    >
    Joe Kaplan \(MVP - ADSI\), Sep 16, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Markus Stehle

    Integrated security + Forms authentication

    Markus Stehle, Aug 21, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    411
    ASP.NET
    Aug 22, 2003
  2. =?Utf-8?B?aG93YXJkIGRpZXJraW5n?=

    Authentication not mapping domain user to local windows group

    =?Utf-8?B?aG93YXJkIGRpZXJraW5n?=, Jan 24, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    621
    David Jessee
    Jan 25, 2005
  3. martin
    Replies:
    1
    Views:
    326
    yikyangchai
    Nov 22, 2005
  4. =?Utf-8?B?Um9ja3k=?=

    How to Add a domain user to a local user group

    =?Utf-8?B?Um9ja3k=?=, Dec 30, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    596
    =?Utf-8?B?Um9ja3k=?=
    Dec 30, 2005
  5. Replies:
    2
    Views:
    248
Loading...

Share This Page